exploitDog

CVE-2023-25402

Опубликовано: 03 мар. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload.

Ссылки

https://github.com/CleverStupidDog/yf-exam/issues/1
Exploit
Issue Tracking
Third Party Advisory
https://github.com/Fw-fW-fw/UPDATE-CVE/blob/main/CVE-2023-25402
Third Party Advisory
https://github.com/CleverStupidDog/yf-exam/issues/1
Exploit
Issue Tracking
Third Party Advisory
https://github.com/Fw-fW-fw/UPDATE-CVE/blob/main/CVE-2023-25402
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yf-exam_project:yf-exam:1.8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00083

Низкий

7.5 High

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-78cg-rc3q-pv8q

CVSS3: 7.5

github

почти 3 года назад

CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload.

EPSS

Процентиль: 24%

0.00083

Низкий

7.5 High

CVSS3

Дефекты

CWE-434

CWE-434